| 1.290 - The system must not have accounts configured with blank or null passwords - password-auth | Tenable Fedora Linux Best Practices v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.440 - The system must not allow an unattended or automatic logon to the system via a graphical user interface. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.450 - The system must not allow an unrestricted logon to the system. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.1340 - The system must use a separate file system for /tmp (or equivalent). | Tenable Fedora Linux Best Practices v2.0.0 | Unix | |
| 2.1600 - The system must be configured so that the file integrity tool is configured to verify Access Control Lists (ACLs) - installed | Tenable Fedora Linux Best Practices v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1610 - The system must be configured so that the file integrity tool is configured to verify extended attributes - installed | Tenable Fedora Linux Best Practices v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1620 - The system must use a file integrity tool that is configured to use FIPS 140-2 approved cryptographic hashes for validating file contents and directories - installed | Tenable Fedora Linux Best Practices v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.201 - The system must implement virtual address space randomization - sysctl | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 4.330 - The system must be configured so that the SSH daemon does not allow authentication using RSA rhosts authentication. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.350 - The system must be configured so that the SSH daemon does not allow authentication using rhosts authentication. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 4.360 - The system must display the date and time of the last successful account logon upon an SSH logon. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
| 4.370 - The system must not permit direct logons to the root account using remote access via SSH. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
| 4.380 - The system must be configured so that the SSH daemon does not allow authentication using known hosts authentication. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 4.390 - The system must be configured so that the SSH daemon is configured to only use the SSHv2 protocol. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.410 - The SSH public host key files must have mode 0644 or less permissive. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.520 - The system must enable an application firewall, if available - installed | Tenable Fedora Linux Best Practices v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.520 - The system must enable an application firewall, if available - state | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.520 - The system must enable an application firewall, if available - status | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.530 - The system must display the date and time of the last successful account logon upon logon. - silent | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
| 4.600 - For systems using DNS resolution, at least two name servers must be configured - nameserver 1 | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.600 - For systems using DNS resolution, at least two name servers must be configured - nameserver 2 | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.600 - For systems using DNS resolution, at least two name servers must be configured - no dns | Tenable Fedora Linux Best Practices v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.610 - The system must not forward Internet Protocol version 4 (IPv4) source-routed packets - config | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.611 - The system must use a reverse-path filter for IPv4 network traffic when possible on all interfaces. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.612 - The system must use a reverse-path filter for IPv4 network traffic when possible by default. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.620 - The system must not forward Internet Protocol version 4 (IPv4) source-routed packets by default - config | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.630 - The system must not respond to Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) echoes sent to a broadcast address - config | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.640 - The system must prevent Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages from being accepted - config | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.641 - The system must ignore Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages - config | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.650 - The system must not allow interfaces to perform Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects by default - config | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.660 - The system must not send Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects - config | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.810 - The system access control program must be configured to grant or deny system access to specific hosts and services. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.820 - The system must not have unauthorized IP tunnels configured. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.830 - The system must not forward IPv6 source-routed packets - config | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 40740 - The system must not be performing packet forwarding unless the system is a router - config | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Prevent the Use of Dictionary Words for Passwords | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | CONFIGURATION MANAGEMENT |
| Catalina - Prevent the Use of Dictionary Words for Passwords | NIST macOS Catalina v1.5.0 - All Profiles | Unix | CONFIGURATION MANAGEMENT |
| Monterey - Disable Password Hints | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| Monterey - Disable Password Hints | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| Monterey - Disable Password Hints | NIST macOS Monterey v1.0.0 - 800-171 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| Monterey - Disable Password Hints | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| Monterey - Disable Password Hints | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| Monterey - Enable Firmware Password | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Enable Firmware Password | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Enable Firmware Password | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Enable Firmware Password | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Integrate System into a Directory Services Infrastructure | NIST macOS Monterey v1.0.0 - All Profiles | Unix | CONFIGURATION MANAGEMENT |
| Monterey - Must Use an Approved Antivirus Program | NIST macOS Monterey v1.0.0 - All Profiles | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| Monterey - Prevent the Use of Dictionary Words for Passwords | NIST macOS Monterey v1.0.0 - All Profiles | Unix | CONFIGURATION MANAGEMENT |
| Monterey - Secure User's Home Folders | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
