| 2.1.1 Ensure Trusted Execution Path is enabled | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 2.1.3 Ensure Allowlist violations are enabled | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.1.4 Ensure Trusted Execution (TE) policies are locked | CONFIGURATION MANAGEMENT |
| 2.3 Ensure regular scans for unauthorized applications | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 3.4 Ensure there are no system 'default group' writable files (objects) | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.5 Ensure all entries in /etc/hosts.equiv are removed | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.6 Ensure that host based authentication files are not present | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.2.9 Ensure mrouted is not in use | CONFIGURATION MANAGEMENT |
| 4.4.1.5 Ensure NFS exports use allow lists | ACCESS CONTROL, MEDIA PROTECTION |
| 4.4.1.7 Ensure secure RPC authentication is enabled | CONFIGURATION MANAGEMENT |
| 4.4.2.1 Ensure File System Level encryption is enabled | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.7.3.15 Ensure sshd PermitRootLogin is disabled | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 5.2.2 Ensure minimum password age is configured | IDENTIFICATION AND AUTHENTICATION |
| 6.1.1 Ensure sudo is installed | ACCESS CONTROL |
| 6.1.2 Ensure sudo logging is active | AUDIT AND ACCOUNTABILITY |
| 6.1.3 Ensure sudo commands use pty | SYSTEM AND INFORMATION INTEGRITY |
| 6.2.1 Ensure at is restricted to authorized users | SYSTEM AND INFORMATION INTEGRITY |
| 6.2.3 Ensure crontab is restricted authorized users | SYSTEM AND INFORMATION INTEGRITY |
| 7.1.1 Ensure /audit filesystem has been created and configured | AUDIT AND ACCOUNTABILITY |
| 7.1.2 Ensure Audit configuration defines audit classes | AUDIT AND ACCOUNTABILITY |
| 7.1.3 Ensure Audit creates audit processing commands | AUDIT AND ACCOUNTABILITY |
| 7.1.4 Ensure Audit bin(ary) audit event collection is configured | AUDIT AND ACCOUNTABILITY |
| 7.2.2 Ensure syslog is configured to send logs to a remote log host | AUDIT AND ACCOUNTABILITY |
| 7.2.3 Ensure syslog is not configured to receive logs from a remote client | AUDIT AND ACCOUNTABILITY |
| CIS_IBM_AIX_7_v1.0.0_L2.audit from CIS IBM AIX 7 Benchmark v1.0.0 | |
