| 1.1.1.9 Ensure unused filesystems kernel modules are not available | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.2.1.3 Ensure nosuid option set on /tmp partition | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.1.4 Ensure noexec option set on /tmp partition | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.5.3 Ensure nosuid option set on /var/tmp partition | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.6.3 Ensure nosuid option set on /var/log partition | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.7.2 Ensure nodev option set on /var/log/audit partition | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.7.4 Ensure noexec option set on /var/log/audit partition | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.2.2.1 Ensure updates, patches, and additional security software are installed | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.3.1.7 Ensure the MCS Translation Service (mcstrans) is not installed | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.5.3 Ensure core dump backtraces are disabled | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.6.4 Ensure system wide crypto policy disables macs less than 128 bits | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.7 Ensure system wide crypto policy disables EtM for ssh | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7.1 Ensure message of the day is configured properly | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 1.7.2 Ensure local login warning banner is configured properly | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 1.7.3 Ensure remote login warning banner is configured properly | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 1.8.4 Ensure GDM screen locks when the user is idle | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 1.8.8 Ensure GDM autorun-never is enabled | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | MEDIA PROTECTION |
| 2.1.1 Ensure autofs services are not in use | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | MEDIA PROTECTION |
| 2.1.10 Ensure nis server services are not in use | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.1.12 Ensure rpcbind services are not in use | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.1.14 Ensure snmp services are not in use | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.1.15 Ensure telnet server services are not in use | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.1.16 Ensure tftp server services are not in use | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.1 Ensure ftp client is not installed | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.4.1.2 Ensure permissions on /etc/crontab are configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.4.1.3 Ensure permissions on /etc/cron.hourly are configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.4.1.5 Ensure permissions on /etc/cron.weekly are configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.1 Ensure IPv6 status is identified | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.3 Ensure bogus icmp responses are ignored | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.9 Ensure suspicious packets are logged | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.1 Ensure permissions on /etc/ssh/sshd_config are configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.6 Ensure sshd MACs are configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.8 Ensure sshd Banner is configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.1.19 Ensure sshd PermitEmptyPasswords is disabled | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.1.20 Ensure sshd PermitRootLogin is disabled | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.2.2 Ensure sudo commands use pty | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.2.7 Ensure access to the su command is restricted | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.3.1.2 Ensure latest version of authselect is installed | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.3.3.2.5 Ensure password maximum sequential characters is configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.4 Ensure strong password hashing algorithm is configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4.2.1 Ensure root is the only UID 0 account | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.4.2.2 Ensure root is the only GID 0 account | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.2.3 Ensure group root is the only GID 0 group | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.2 Ensure filesystem integrity is regularly checked | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.2.2.4 Ensure journald Storage is configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.1 Ensure changes to system administration scope (sudoers) is collected | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.4 Ensure events that modify date and time information are collected | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.13 Ensure file deletion events by users are collected | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.4.4 Ensure audit log files group owner is configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
