| 2.1 Collect system configuration regularly | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 2.2 Scan for TROJAN aka Untrusted/Unauthorized Applications (Implement Allowlist) | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.3 Allowlist Authorized Software and Report Violations | CONFIGURATION MANAGEMENT |
| 2.4 Allowlist Authorized Libraries and Report Violations | CONFIGURATION MANAGEMENT |
| 2.5 Allowlist Authorized Scripts and Report Violations | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.7 Remove Unused Symbolic Links | CONFIGURATION MANAGEMENT |
| 3.3 Ensure default user umask is 027 or more restrictive | ACCESS CONTROL, MEDIA PROTECTION |
| 3.4 Remove group write permission from default groups - exceptions must be in TSD and audit | ACCESS CONTROL, MEDIA PROTECTION |
| 3.5 Application Data with requirement for world writable directories | ACCESS CONTROL, MEDIA PROTECTION |
| 3.6 Ensure there are no world writable files - exceptions must be in TSD and audit | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7 Ensure there are no 'staff' writable files - exceptions must be in TSD and audit | ACCESS CONTROL, MEDIA PROTECTION |
| 3.8 Ensure all files and directories are owned by a user (uid) and assigned to a group (gid) | MEDIA PROTECTION |
| 4.1.1.1 Disable writesrv | CONFIGURATION MANAGEMENT |
| 4.1.1.2 dt | CONFIGURATION MANAGEMENT |
| 4.1.1.3 piobe | CONFIGURATION MANAGEMENT |
| 4.1.1.4 qdaemon | CONFIGURATION MANAGEMENT |
| 4.1.1.5 rc.nfs | CONFIGURATION MANAGEMENT |
| 4.1.1.6 cas_agent | CONFIGURATION MANAGEMENT |
| 4.1.2.1 inetd - aka Super Daemon | CONFIGURATION MANAGEMENT |
| 4.1.2.2 aixmibd | CONFIGURATION MANAGEMENT |
| 4.1.2.3 dhcpcd | CONFIGURATION MANAGEMENT |
| 4.1.2.4 dhcprd | CONFIGURATION MANAGEMENT |
| 4.1.2.5 dhcpsd | CONFIGURATION MANAGEMENT |
| 4.1.2.6 dpid2 | CONFIGURATION MANAGEMENT |
| 4.1.2.7 gated | CONFIGURATION MANAGEMENT |
| 4.1.2.8 hostmibd | CONFIGURATION MANAGEMENT |
| 4.1.2.10 named | CONFIGURATION MANAGEMENT |
| 4.1.2.11 portmap | CONFIGURATION MANAGEMENT |
| 4.1.2.12 routed | CONFIGURATION MANAGEMENT |
| 4.1.2.13 rwhod | CONFIGURATION MANAGEMENT |
| 4.1.2.14 sendmail | CONFIGURATION MANAGEMENT |
| 4.1.2.15 snmpd | CONFIGURATION MANAGEMENT |
| 4.1.2.16 snmpmibd | CONFIGURATION MANAGEMENT |
| 4.1.2.17 timed | CONFIGURATION MANAGEMENT |
| 4.1.3.1 autoconf6 | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 4.1.3.2 ndpd-host | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 4.1.3.3 ndpd-router | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 4.1.4.1 NFS - disable NFS client | CONFIGURATION MANAGEMENT |
| 4.1.4.3 NFS - enable both nosuid and nodev options on NFS client mounts | ACCESS CONTROL |
| 4.1.4.4 NFS - localhost removal | CONFIGURATION MANAGEMENT |
| 4.1.4.6 NFS - no_root_squash option | ACCESS CONTROL |
| 4.1.5.1 bootps | CONFIGURATION MANAGEMENT |
| 4.1.5.2 chargen | CONFIGURATION MANAGEMENT |
| 4.1.5.3 comsat | CONFIGURATION MANAGEMENT |
| 4.1.5.4 daytime | CONFIGURATION MANAGEMENT |
| 4.1.5.5 discard | CONFIGURATION MANAGEMENT |
| 4.1.5.6 echo | CONFIGURATION MANAGEMENT |
| 4.1.5.7 exec | CONFIGURATION MANAGEMENT |
| 4.1.5.8 finger | CONFIGURATION MANAGEMENT |
| 4.1.5.9 ftp | CONFIGURATION MANAGEMENT |
