| 1.1.21 Ensure all world-writable directories are group-owned. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | CONFIGURATION MANAGEMENT |
| 1.2.1 Configure Connection to the RHN RPM Repositories | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.4 Ensure Red Hat Network or Subscription Manager connection is configured | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.4 Ensure Red Hat Network or Subscription Manager connection is configured | CIS Red Hat 6 Server L1 v3.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.4 Ensure Red Hat Subscription Manager connection is configured | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.4 Ensure Red Hat Subscription Manager connection is configured | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.5 Ensure the version of the operating system is an active vendor supported release. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.8 Ensure the version of the operating system is an active vendor supported release | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Ensure Apache Is Installed From the Appropriate Binaries | CIS Apache HTTP Server 2.4 L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.5.2 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/* | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.2 Ensure address space layout randomization (ASLR) is enabled - sysctl | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.3 Ensure the SELinux state is enforcing - config | CIS Amazon Linux 2 STIG v1.0.0 L2 | Unix | ACCESS CONTROL |
| 1.6.1.3 Ensure the SELinux state is enforcing - sestatus | CIS Amazon Linux 2 STIG v1.0.0 L2 | Unix | ACCESS CONTROL |
| 1.7 Use the Latest OS Release | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.7.3 Ensure the Standard Mandatory DoD Notice and Consent Banner are configured | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 1.9 Ensure anti-virus is installed and running | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.1 Ensure the rsh package has been removed | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.1 Remove telnet-server | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.2 Ensure the ypserv package has been removed | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.1.2 Remove telnet Clients | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.3 Ensure the TFTP server has not been installed | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.20 Ensure telnet server is not enabled | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.21 Ensure tftp server is not enabled | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 3.4.1 Ensure DCCP is disabled | CIS Amazon Linux 2 STIG v1.0.0 L2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 3.11 Remove HTTP Server | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 3.14 Remove HTTP Proxy Server | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 5.2 Ensure SELinux security options are set, if applicable | CIS Docker Community Edition v1.1.0 L2 Docker | Unix | ACCESS CONTROL |
| 5.2 Verify SELinux security options, if applicable | CIS Docker 1.12.0 v1.0.0 L2 Docker | Unix | ACCESS CONTROL |
| 5.2 Verify SELinux security options, if applicable (Scored) | CIS Docker 1.6 v1.0.0 L2 Docker | Unix | ACCESS CONTROL |
| 5.2.1 Ensure SSH is installed | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.2 Ensure SSH is running | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.3 Ensure permissions on /etc/ssh/sshd_config are configured | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.10 Ensure SSH IgnoreRhosts is enabled | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.2.11 Ensure SSH HostbasedAuthentication is disabled | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.2.12 Ensure SSH root login is disabled | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | ACCESS CONTROL |
| 5.2.13 Ensure SSH PermitEmptyPasswords is disabled | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.14 Ensure SSH PermitUserEnvironment is disabled | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.3 Ensure that, if applicable, SELinux security options are set | CIS Docker v1.6.0 L2 Docker Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.2.5 Ensure root is the only UID 0 account | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.15 Ensure all groups in /etc/passwd exist in /etc/group | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000008 - Vendor-provided cryptographic certificates must be installed to verify the integrity of system software. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-020250 - The Red Hat Enterprise Linux operating system must be a vendor supported release. | DISA Red Hat Enterprise Linux 7 STIG v3r14 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-021620 - The Red Hat Enterprise Linux operating system must use a file integrity tool that is configured to use FIPS 140-2 approved cryptographic hashes for validating file contents and directories. | DISA Red Hat Enterprise Linux 7 STIG v3r14 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-030201 - The Red Hat Enterprise Linux operating system must be configured to off-load audit logs onto a different system or storage media from the system being audited. | DISA Red Hat Enterprise Linux 7 STIG v3r14 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-07-030210 - The Red Hat Enterprise Linux operating system must take appropriate action when the remote logging buffer is full. | DISA Red Hat Enterprise Linux 7 STIG v3r14 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-07-030320 - The Red Hat Enterprise Linux operating system must be configured so that the audit system takes appropriate action when the audit storage volume is full. | DISA Red Hat Enterprise Linux 7 STIG v3r14 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-07-030321 - The Red Hat Enterprise Linux operating system must be configured so that the audit system takes appropriate action when there is an error sending audit records to a remote system. | DISA Red Hat Enterprise Linux 7 STIG v3r14 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-010000 - RHEL 8 must be a vendor-supported release. | DISA Red Hat Enterprise Linux 8 STIG v1r13 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-211010 - RHEL 9 must be a vendor-supported release. | DISA Red Hat Enterprise Linux 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-215010 - RHEL 9 subscription-manager package must be installed. | DISA Red Hat Enterprise Linux 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
