| 1.1.2 Ensure /tmp is configured - or equivalent. | CONFIGURATION MANAGEMENT |
| 1.1.7 Ensure noexec option set on /dev/shm partition - fstab | CONFIGURATION MANAGEMENT |
| 1.1.7 Ensure noexec option set on /dev/shm partition - mount | CONFIGURATION MANAGEMENT |
| 1.1.8 Ensure nodev option set on /dev/shm partition - fstab | CONFIGURATION MANAGEMENT |
| 1.1.8 Ensure nodev option set on /dev/shm partition - mount | CONFIGURATION MANAGEMENT |
| 1.1.9 Ensure nosuid option set on /dev/shm partition - fstab | CONFIGURATION MANAGEMENT |
| 1.1.9 Ensure nosuid option set on /dev/shm partition - mount | CONFIGURATION MANAGEMENT |
| 1.1.10 Ensure separate partition exists for /var | CONFIGURATION MANAGEMENT |
| 1.1.16 Ensure separate partition exists for /var/log/audit | CONFIGURATION MANAGEMENT |
| 1.1.19 Ensure nosuid is set on users' home directories. | CONFIGURATION MANAGEMENT |
| 1.1.22 Ensure nosuid option set on removable media partitions | CONFIGURATION MANAGEMENT |
| 1.1.23 Ensure noexec option is configured for NFS - NFS. | CONFIGURATION MANAGEMENT |
| 1.1.24 Ensure nosuid option is set for NFS - NFS. | CONFIGURATION MANAGEMENT |
| 1.1.26 Ensure all world-writable directories are group-owned. | CONFIGURATION MANAGEMENT |
| 1.1.27 Disable Automounting | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 1.1.28 Disable USB Storage - /bin/true | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 1.1.28 Disable USB Storage - blacklist | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 1.2.3 Ensure gpgcheck is globally activated - CA that is recognized and approved by the organization. | CONFIGURATION MANAGEMENT |
| 1.2.6 Ensure software packages have been digitally signed by a Certificate Authority (CA) - CA that is recognized and approved by the organization. | CONFIGURATION MANAGEMENT |
| 1.2.7 Ensure removal of software components after update | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.8 Ensure the version of the operating system is an active vendor supported release | CONFIGURATION MANAGEMENT |
| 1.3.1 Ensure AIDE is installed | CONFIGURATION MANAGEMENT |
| 1.3.2 Ensure filesystem integrity is regularly checked - aide | CONFIGURATION MANAGEMENT |
| 1.3.2 Ensure filesystem integrity is regularly checked - cron | CONFIGURATION MANAGEMENT |
| 1.3.2 Ensure filesystem integrity is regularly checked - mail | CONFIGURATION MANAGEMENT |
| 1.3.3 Ensure AIDE is configured to verify ACLs - config | CONFIGURATION MANAGEMENT |
| 1.3.3 Ensure AIDE is configured to verify ACLs - installed | CONFIGURATION MANAGEMENT |
| 1.3.4 Ensure AIDE is configured to verify XATTRS - config | CONFIGURATION MANAGEMENT |
| 1.3.4 Ensure AIDE is configured to verify XATTRS - installed | CONFIGURATION MANAGEMENT |
| 1.3.5 Ensure AIDE is configured to use FIPS 140-2 - installed | CONFIGURATION MANAGEMENT |
| 1.3.5 Ensure AIDE is configured to use FIPS 140-2 - sha512 | CONFIGURATION MANAGEMENT |
| 1.4.1 Ensure bootloader password is set - password efi grub | ACCESS CONTROL |
| 1.4.1 Ensure bootloader password is set - password efi user | ACCESS CONTROL |
| 1.4.1 Ensure bootloader password is set - password grub | ACCESS CONTROL |
| 1.4.1 Ensure bootloader password is set - password user | ACCESS CONTROL |
| 1.4.1 Ensure bootloader password is set - superusers efi | ACCESS CONTROL |
| 1.4.1 Ensure bootloader password is set - superusers grub | ACCESS CONTROL |
| 1.4.3 Ensure authentication required for single user mode | ACCESS CONTROL |
| 1.4.4 Ensure boot loader does not allow removable media | CONFIGURATION MANAGEMENT |
| 1.4.5 Ensure version 7.2 or newer booted with a BIOS have a unique name for the grub superusers account | ACCESS CONTROL |
| 1.4.6 Ensure version 7.2 or newer booted with UEFI have a unique name for the grub superusers account - UEFI must have a unique name for the grub superusers account when booting into single-user mode and maintenance. | ACCESS CONTROL |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled - config | CONFIGURATION MANAGEMENT |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl | CONFIGURATION MANAGEMENT |
| 1.5.5 Ensure number of concurrent sessions is limited | ACCESS CONTROL |
| 1.5.6 Ensure the Ctrl-Alt-Delete key sequence is disabled - inactive | CONFIGURATION MANAGEMENT |
| 1.5.6 Ensure the Ctrl-Alt-Delete key sequence is disabled - target | CONFIGURATION MANAGEMENT |
| 1.5.7 Ensure kernel core dumps are disabled. | CONFIGURATION MANAGEMENT |
| 1.5.8 Ensure DNS is servers are configured - immutable | CONFIGURATION MANAGEMENT |
| 1.5.8 Ensure DNS is servers are configured - nameserver 1 | CONFIGURATION MANAGEMENT |
| 1.5.8 Ensure DNS is servers are configured - nameserver 2 | CONFIGURATION MANAGEMENT |
