| 1.1.2.9.1 Ensure the "/boot/efi" directory is mounted with the "nosuid" option | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.1.2.10.1 Ensure file systems that are being NFS-imported are mounted with the "nodev" option | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.1.2.10.3 Ensure file systems being imported via NFS are mounted with the "noexec" option | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.5.11 Ensure the operating system disables the use of user namespaces | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.5.16 Ensure the operating system restricts exposed kernel pointer addresses access | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.8.14 Ensure the operating system disables the user logon list for graphical user interfaces | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.8.16 Ensure the operating system prevents users from overriding the session idle-delay setting for the graphical user interface | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 1.9 Ensure the "tmux" package installed | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 2.1.6 Ensure ftp server services are not in use | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 2.1.20 Ensure X window server services are not in use | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.1.22 Ensure automated bug reporting tools are not installed | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 2.1.30 Ensure the krb5-server package has not been installed on the system | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.1.34 Ensure the operating system is configured to prevent unrestricted mail relaying | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 3.1.4 Ensure network interfaces are not in promiscuous mode | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.1.10 Ensure sshd GSSAPIAuthentication is disabled | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 5.1.10 Ensure sshd GSSAPIAuthentication is disabled | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 5.2.9 Ensure sudo timestamp_timeout is configured | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.3.6 Ensure the operating system defines default permissions for all authenticated users in such a way that the user can only read and modify their own files | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.4.3.9 Ensure the default umask for all local interactive users is "077" | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 6.2.2.12 Ensure the operating system has the packages required for encrypting offloaded audit logs | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 6.3.3.13 Ensure file deletion events by users are collected | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.18 Ensure successful and unsuccessful attempts to use the usermod command are collected | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.22 Ensure successful and unsuccessful attempts to use the su command are collected | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.27 Ensure successful and unsuccessful attempts to use the newgrp command are collected | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.30 Ensure successful and unsuccessful attempts to use the unix_chkpwd command are collected | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.34 Ensure successful and unsuccessful attempts to use the semanage command are collected | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.37 Ensure successful and unsuccessful attempts to use the unix_update command are collected | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.41 Ensure successful and unsuccessful attempts to use the passwd command are collected | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.4.12 Ensure audit tools are mode 0755 or more restrictive | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.4.14 Ensure audit tools are group owned by root | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.4.16 Ensure the audit log file directory is owned by root | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 7.1.20 Ensure world-writable directories group-owner is configured | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 7.2.12 Ensure all files and directories in a local interactive user home directory are mode 0750 or more restrictive | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 7.2.13 Ensure all local initialization files are mode 0740 or more restrictive | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| WA230 A22 - The Web site software used with the web server must have all applicable security patches applied and documented. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| WA00505 A22 - Web Distributed Authoring and Versioning (WebDAV) must be disabled. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WG205 IIS6 - The web document (home) directory must be on a separate partition from the web servers system files. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WG242 IIS6 - Log file data must contain required data elements. - 'Logging Properties Set Correctly' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | AUDIT AND ACCOUNTABILITY |
| WG300 A22 - Web server system files must conform to minimum file permission requirements - logs | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WG300 A22 - Web server system files must conform to minimum file permission requirements - logs/* | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\inetpub\ftproot\ftpfiles' | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\inetpub\mailroot' | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\system32\inetsrv\data' | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\system32\inetsrv\iisadmin' | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\system32\inetsrv\iisadmpwd' | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\system32\inetsrv\MBSchema.bin.00000000h | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WG340 IIS6 - A private web server must utilize an approved TLS version. - 'TLS 1.0\Server' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG342 IIS6 - Public web servers must use TLS if authentication is required. - 'SSL 2.0 Server' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG410 IIS6 - Interactive scripts must have proper access controls. - 'ASP Default Language set to VBScript' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG410 IIS6 - Interactive scripts must have proper access controls. - 'Enable Parent Paths set to False' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
