| 1.1.1.1 Ensure cramfs kernel module is not available | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.4 Ensure overlay kernel module is not available | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.2.3.3 Ensure nosuid option set on /home partition | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.4.2 Ensure nodev option set on /var partition | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.5.4 Ensure noexec option set on /var/tmp partition | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 1.1.2.7.3 Ensure nosuid option set on /var/log/audit partition | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 1.2.1 Ensure GPG keys are configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.4 Ensure package manager repositories are configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.4.1.3 Ensure SELinux policy is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.4.1.4 Ensure the SELinux mode is not disabled | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.4 Ensure fs.suid_dumpable is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.5.7 Ensure kernel.yama.ptrace_scope is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.5.10 Ensure systemd-coredump Storage is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.6.2 Ensure local login warning banner is configured properly | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.1.1 Ensure time synchronization is in use | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1.2 Ensure chrony is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.5 Ensure dnsmasq services are not in use | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.6 Ensure samba file server services are not in use | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.10 Ensure nis server services are not in use | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.19 Ensure xinetd services are not in use | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.21 Ensure mail transfer agents are configured for local-only mode | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.3.1 Ensure ftp client is not installed | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure can kernel module is not available | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.2.2 Ensure sctp kernel module is not available | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.3 Ensure net.ipv4.conf.default.forwarding is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.8 Ensure net.ipv4.conf.all.accept_redirects is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.11 Ensure net.ipv4.conf.default.secure_redirects is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.12 Ensure net.ipv4.conf.all.rp_filter is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.13 Ensure net.ipv4.conf.default.rp_filter is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.16 Ensure net.ipv4.conf.all.log_martians is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.17 Ensure net.ipv4.conf.default.log_martians is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.18 Ensure net.ipv4.tcp_syncookies is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2.1 Ensure net.ipv6.conf.all.forwarding is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.2.5 Ensure net.ipv6.conf.all.accept_source_route is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 5.1.1.2 Ensure access to /etc/crontab is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.1.4 Ensure access to /etc/cron.daily is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.1.5 Ensure access to /etc/cron.weekly is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.1.8 Ensure access to crontab is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.2.1 Ensure access to /etc/ssh/sshd_config is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.7 Ensure sshd ClientAliveInterval and ClientAliveCountMax are configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 5.2.10 Ensure sshd HostbasedAuthentication is disabled | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 5.2.18 Ensure sshd MaxStartups is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.2 Ensure libpwquality is installed | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.2.3.4 Ensure pam_pwhistory includes use_authtok | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4.2.4.3 Ensure pam_unix includes a strong password hashing algorithm | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.5.1.2 Ensure minimum password days is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.1.4 Ensure strong password hashing algorithm is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.5.2.5 Ensure root path integrity | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 5.5.2.6 Ensure root user umask is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.1.3 Ensure journald Compress is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
