| ALMA-09-001010 - AlmaLinux OS 9 must limit the number of concurrent sessions to ten for all accounts and/or account types. | ACCESS CONTROL |
| ALMA-09-001120 - AlmaLinux OS 9 must automatically lock graphical user sessions after 15 minutes of inactivity. | ACCESS CONTROL |
| ALMA-09-001230 - AlmaLinux OS 9 must conceal, via the session lock, information previously visible on the display with a publicly viewable image. | ACCESS CONTROL |
| ALMA-09-001340 - AlmaLinux OS 9 must prevent a user from overriding the session idle-delay setting for the graphical user interface. | ACCESS CONTROL |
| ALMA-09-001450 - AlmaLinux OS 9 must initiate a session lock for graphical user interfaces when the screensaver is activated. | ACCESS CONTROL |
| ALMA-09-001560 - AlmaLinux OS 9 must prevent a user from overriding the session lock-delay setting for the graphical user interface. | ACCESS CONTROL |
| ALMA-09-001890 - AlmaLinux OS 9 must automatically exit interactive command shell user sessions after 10 minutes of inactivity. | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-002000 - AlmaLinux OS 9 must be able to directly initiate a session lock for all connection types using smart card when the smart card is removed. | ACCESS CONTROL |
| ALMA-09-002110 - AlmaLinux OS 9 must prevent a user from overriding the disabling of the graphical user smart card removal action. | ACCESS CONTROL |
| ALMA-09-002770 - AlmaLinux OS 9 must log SSH connection attempts and failures to the server. | ACCESS CONTROL |
| ALMA-09-002880 - All AlmaLinux OS 9 remote access methods must be monitored. | ACCESS CONTROL |
| ALMA-09-002990 - AlmaLinux OS 9 SSH client must be configured to use only encryption ciphers employing FIPS 140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH client connections. | ACCESS CONTROL |
| ALMA-09-003100 - AlmaLinux OS 9 must implement DOD-approved encryption ciphers to protect the confidentiality of SSH client connections. | ACCESS CONTROL |
| ALMA-09-003210 - AlmaLinux OS 9 SSH client must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms. | ACCESS CONTROL |
| ALMA-09-003320 - AlmaLinux OS 9 must implement DOD-approved encryption ciphers to protect the confidentiality of SSH server connections. | ACCESS CONTROL |
| ALMA-09-003325 - AlmaLinux OS 9 SSH server must be configured to use only FIPS 140-3 validated key exchange algorithms. | ACCESS CONTROL |
| ALMA-09-003430 - AlmaLinux OS 9 must implement DOD-approved systemwide cryptographic policies to protect the confidentiality of SSH server connections. | ACCESS CONTROL |
| ALMA-09-003540 - AlmaLinux OS 9 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms. | ACCESS CONTROL |
| ALMA-09-003650 - AlmaLinux OS 9 must force a frequent session key renegotiation for SSH connections to the server. | ACCESS CONTROL |
| ALMA-09-003760 - AlmaLinux OS 9 must implement DOD-approved TLS encryption in the GnuTLS package. | ACCESS CONTROL |
| ALMA-09-003870 - AlmaLinux OS 9 IP tunnels must use FIPS 140-3 approved cryptographic algorithms. | ACCESS CONTROL |
| ALMA-09-003980 - AlmaLinux OS 9 must implement DOD-approved encryption in the OpenSSL package. | ACCESS CONTROL |
| ALMA-09-004090 - AlmaLinux OS 9 must implement DOD-approved TLS encryption in the OpenSSL package. | ACCESS CONTROL |
| ALMA-09-004310 - AlmaLinux OS 9 must use the TuxCare FIPS repository. | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-004320 - AlmaLinux OS 9 must use the TuxCare FIPS packages and not the default encryption packages. | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-004420 - AlmaLinux OS 9 must enable FIPS mode. | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-004750 - AlmaLinux OS 9 must automatically expire temporary accounts within 72 hours. | ACCESS CONTROL |
| ALMA-09-004970 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-005080 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-005190 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-005300 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-005410 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-005960 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-006070 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect the files within /etc/sudoers.d/ | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-006180 - AlmaLinux OS 9 must require authentication to access emergency mode. | ACCESS CONTROL |
| ALMA-09-006290 - AlmaLinux OS 9 must require a boot loader password. | ACCESS CONTROL |
| ALMA-09-006400 - AlmaLinux OS 9 must require a unique superuser's name upon booting into single-user and maintenance modes. | ACCESS CONTROL |
| ALMA-09-006510 - AlmaLinux OS 9 must require authentication to access single-user mode. | ACCESS CONTROL |
| ALMA-09-006620 - The systemd Ctrl-Alt-Delete burst key sequence in AlmaLinux OS 9 must be disabled. | ACCESS CONTROL |
| ALMA-09-006730 - The Ctrl-Alt-Delete key sequence must be disabled on AlmaLinux OS 9. | ACCESS CONTROL |
| ALMA-09-006840 - AlmaLinux OS 9 must have the sudo package installed. | ACCESS CONTROL |
| ALMA-09-006950 - The AlmaLinux OS 9 debug-shell systemd service must be disabled. | ACCESS CONTROL |
| ALMA-09-007060 - AlmaLinux OS 9 must enable kernel parameters to enforce discretionary access control on hardlinks. | ACCESS CONTROL |
| ALMA-09-007170 - AlmaLinux OS 9 must enable kernel parameters to enforce discretionary access control (DAC) on symlinks. | ACCESS CONTROL |
| ALMA-09-007280 - AlmaLinux OS 9 must audit uses of the "execve" system call. | ACCESS CONTROL |
| ALMA-09-007500 - AlmaLinux OS 9 must automatically lock an account when three unsuccessful logon attempts occur. | ACCESS CONTROL |
| ALMA-09-007610 - AlmaLinux OS 9 must automatically lock the root account until the root account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | ACCESS CONTROL |
| ALMA-09-007720 - AlmaLinux OS 9 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period. | ACCESS CONTROL |
| ALMA-09-007830 - AlmaLinux OS 9 must configure the use of the pam_faillock.so module in the /etc/pam.d/system-auth file. | ACCESS CONTROL |
| ALMA-09-007940 - AlmaLinux OS 9 must configure the use of the pam_faillock.so module in the /etc/pam.d/password-auth file. | ACCESS CONTROL |
