| 1.1.1 - /etc/security/user - 'mindiff >= 4' | IDENTIFICATION AND AUTHENTICATION |
| 1.1.2 - /etc/security/user - 'minage >= 1' | IDENTIFICATION AND AUTHENTICATION |
| 1.1.3 - /etc/security/user - 'maxage <= 13' but not 0 | IDENTIFICATION AND AUTHENTICATION |
| 1.1.4 - /etc/security/user - 'minlen = 8' | IDENTIFICATION AND AUTHENTICATION |
| 1.1.5 - /etc/security/user - 'minalpha >= 2' | IDENTIFICATION AND AUTHENTICATION |
| 1.1.6 - /etc/security/user - 'minother >= 2' | IDENTIFICATION AND AUTHENTICATION |
| 1.1.7 - /etc/security/user - 'maxrepeats <= 2' | IDENTIFICATION AND AUTHENTICATION |
| 1.1.8 - /etc/security/user - 'histexpire >= 13' | IDENTIFICATION AND AUTHENTICATION |
| 1.1.9 - /etc/security/user - 'histsize >= 20' | IDENTIFICATION AND AUTHENTICATION |
| 1.1.10 - /etc/security/user - 'maxexpired <= 2' | IDENTIFICATION AND AUTHENTICATION |
| 1.2.1 - /etc/security/login.cfg - 'logininterval <= 300' | ACCESS CONTROL |
| 1.2.2 - /etc/security/login.cfg - 'logindisable <= 10' | ACCESS CONTROL |
| 1.2.3 - /etc/security/login.cfg - 'loginreenable >= 360' | ACCESS CONTROL |
| 1.2.4 - /etc/security/login.cfg - 'logintimeout <= 30' | ACCESS CONTROL |
| 1.2.5 - /etc/security/login.cfg - 'logindelay >= 10' | ACCESS CONTROL |
| 1.2.6 - /etc/security/user - 'loginretries <= 3' | ACCESS CONTROL |
| 1.2.7 - /etc/security/user - 'rlogin = false' | CONFIGURATION MANAGEMENT |
| 1.2.8 - /etc/security/user - 'sugroups=ALL su=true' | IDENTIFICATION AND AUTHENTICATION |
| 1.3.53 - /etc/inetd.conf - permissions and ownership - '/etc/inetd.conf root:system 644' | |
| 1.7.3 - Miscellaneous Enhancements - '/etc/ftpusers includes root' | ACCESS CONTROL |
| 1.7.4 - Miscellaneous Enhancements - login herald - 'default herald is set to appropriate text' | ACCESS CONTROL |
| 1.7.5 - Miscellaneous Enhancements - 'guest account removal' | ACCESS CONTROL |
| 1.7.6 - Miscellaneous Enhancements - crontab permissions - '/usr/bin/errclear 755' | |
| 1.7.6 - Miscellaneous Enhancements - crontab permissions - '/usr/lib/ras/dumpcheck 755' | |
| 1.7.6 - Miscellaneous Enhancements - crontab permissions - '/usr/lib/spell/compress 755' | |
| 1.7.6 - Miscellaneous Enhancements - crontab permissions - '/usr/sbin/skulker 755' | |
| 2.2.2 - Configuring SSH - disabling direct root access - 'PermitRootLogin = no' | ACCESS CONTROL |
| 2.2.3 - Configuring SSH - server protocol - 'Protocol 2' | |
| 2.2.4 - Configuring SSH - client protocol - 'Protocol 2' | |
| 2.2.5 - Configuring SSH - banner configuration - 'Banner = /etc/motd' | ACCESS CONTROL |
| 2.2.6 - Configuring SSH - ignore .shosts and .rhosts - 'IgnoreRhosts = yes' | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 2.2.7 - Configuring SSH - disable null passwords - 'PermitEmptyPasswords = no' | IDENTIFICATION AND AUTHENTICATION |
| 2.2.9 - Configuring SSH - set privilege separation - 'UsePrivilegeSeparation = yes' | CONFIGURATION MANAGEMENT |
| 2.2.10 - Configuring SSH - sshd_config permissions lockdown - '/etc/ssh/sshd_config root:system 600' | CONFIGURATION MANAGEMENT |
| 2.2.11 - Configuring SSH - ssh_config permissions lockdown - '/etc/ssh/ssh_config root:system 644' | CONFIGURATION MANAGEMENT |
| 2.3.1 - /etc/mail/sendmail.cf - SmtpGreetingMessage - 'SmtpGreetingMessage = mailerready' | ACCESS CONTROL |
| 2.3.2 - /etc/mail/sendmail.cf - permissions and ownership - '/etc/mail/sendmail.cf root:system 640' | ACCESS CONTROL |
| 2.3.3 - /var/spool/mqueue - permissions and ownership - '/var/spool/mqueue root:system 700' | |
| 2.4.3 - CDE - sgid/suid binary lockdown - '/usr/dt/bin/dtaction root:sys 555' | |
| 2.4.3 - CDE - sgid/suid binary lockdown - '/usr/dt/bin/dtappgather root:bin 555' | |
| 2.4.3 - CDE - sgid/suid binary lockdown - '/usr/dt/bin/dtprintinfo root:bin 555' | |
| 2.4.3 - CDE - sgid/suid binary lockdown - '/usr/dt/bin/dtsession root:bin 555' | |
| 2.4.5 - CDE - screensaver lock - 'dtsession*lockTimeout <= 10' | ACCESS CONTROL |
| 2.4.5 - CDE - screensaver lock - 'dtsession*saverTimeout <= 10' | ACCESS CONTROL |
| 2.4.6 - CDE - /etc/dt/config/Xconfig permissions and ownership - '/etc/dt/config/Xconfig root:bin 444' | ACCESS CONTROL |
| 2.4.7 - CDE - /etc/dt/config/Xservers permissions and ownership - '/etc/dt/config/Xservers root:bin 444' | |
| 2.4.7 - CDE - /etc/dt/config/Xservers permissions and ownership - 'Dtlogin.servers = /etc/dt/config/Xservers' | CONFIGURATION MANAGEMENT |
| 2.4.8 - CDE - login screen hostname masking - 'dtlogin*greeting.labelString is set to appropriate text' | ACCESS CONTROL |
| 2.4.8 - CDE - login screen hostname masking - 'dtlogin*greeting.persLabelString is set to appropriate text' | ACCESS CONTROL |
| 2.4.9 - CDE - /etc/dt/config/*/Xresources permissions and ownership - '/etc/dt/config/*/Xresources root:sys 444' | |
