| 2.1.2 Ensure Unauthorized Applications are reported | CONFIGURATION MANAGEMENT |
| 2.2 Ensure system configuration is documented and verified regularly | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 2.4 Ensure unused symbolic links are removed | CONFIGURATION MANAGEMENT |
| 3.1 Ensure default user umask is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2 Ensure group write permission are removed from default groups | ACCESS CONTROL, MEDIA PROTECTION |
| 3.3 Ensure world writable directories have the SVTX bit set | ACCESS CONTROL, MEDIA PROTECTION |
| 3.5 Ensure world writable files are secured | ACCESS CONTROL, MEDIA PROTECTION |
| 3.6 Ensure there are no group "staff" writable files | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7 Ensure no files or directories without an owner and a group exist | MEDIA PROTECTION |
| 4.1.1.1 Ensure access on /smit.log is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.2 Ensure access on /etc/group is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.3 Ensure access on /etc/inetd.conf is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.4 Ensure access on /etc/motd is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.5 Ensure access on /etc/passwd is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.6 Ensure /etc/mail/submit.cf access is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.7 Ensure access to /etc/ssh/ssh_banner is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.8 Ensure access on /etc/ssh/ssh_config is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.9 Ensure access on /etc/ssh/sshd_config is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.10 Ensure access on /var/adm/cron/at.allow is configured | ACCESS CONTROL |
| 4.1.1.11 Ensure access on /var/adm/cron/cron.allow is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.12 Ensure access on /var/adm/cron/log is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.13 Ensure access on /var/ct/RMstart.log is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.14 Ensure access on /var/tmp/dpid2.log is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.15 Ensure access on /var/tmp/hostmibd.log is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.16 Ensure access on /var/tmp/snmpd.log is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.17 Ensure crontab is restricted to authorized users | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.18 Ensure Home directory configuration file access is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.19 Ensure SUID and SGID files are reviewed | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.2.1 Ensure local user Home directories exists | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.2.2 Ensure Home directories access is configured | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1.2.3 Ensure Home directory write access is restricted to owner | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.2.4 Ensure access on /audit and /etc/security/audit is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.2.5 Ensure access to /etc/security is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.2.6 Ensure access on /var/adm/ras is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.2.7 Ensure access on /var/adm/sa is configured | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1.2.8 Ensure access on /var/spool/cron/crontabs is configured | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1.2.9 Ensure all directories in root PATH access is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.2.10 Ensure root user has a dedicated home directory | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.1 Ensure sendmail in not in use | CONFIGURATION MANAGEMENT |
| 4.2.2 Ensure NIS client is not installed | CONFIGURATION MANAGEMENT |
| 4.2.3 Ensure NIS server services are not in use | CONFIGURATION MANAGEMENT |
| 4.2.4 Ensure legacy NIS markers are removed | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.7 Ensure legacy remote daemon support is not available | CONFIGURATION MANAGEMENT |
| 4.2.8 Ensure snmpd is not available | CONFIGURATION MANAGEMENT |
| 4.3.1.1 Ensure writesrv service is not in use | CONFIGURATION MANAGEMENT |
| 4.3.1.2 Ensure dt service is not in use | CONFIGURATION MANAGEMENT |
| 4.3.1.3 Ensure piobe service is not in use | CONFIGURATION MANAGEMENT |
| 4.3.1.4 Ensure qdaemon service is not in use | CONFIGURATION MANAGEMENT |
| 4.3.1.5 Ensure rcnfs service is not in use | CONFIGURATION MANAGEMENT |
| 4.3.2.1 Ensure inetd daemon is disabled when no additional services are required | CONFIGURATION MANAGEMENT |
