| 1.1.17 Ensure noexec option set on /dev/shm partition | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.20 Ensure noexec option set on removable media partitions | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - enforcing = 0 | CIS Debian 8 Server L2 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - selinux = 0 | CIS Debian 8 Workstation L2 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.1.2 Ensure the SELinux state is enforcing - /etc/selinux/config | CIS Debian 8 Server L2 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.1.2 Ensure the SELinux state is enforcing - sestatus | CIS Debian 8 Server L2 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.2.1 Ensure AppArmor is enabled in the bootloader configuration - apparmor=1 | CIS Debian 8 Server L2 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.2.2 Ensure all AppArmor Profiles are enforcing - 0 processes are unconfined | CIS Debian 8 Server L2 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.2.2 Ensure all AppArmor Profiles are enforcing - complain mode | CIS Debian 8 Workstation L2 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.2.2 Ensure all AppArmor Profiles are enforcing - profiles loaded | CIS Debian 8 Workstation L2 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.9.29 Interactive logon: Require smart card | CIS Windows 2008 SSLF v1.2.0 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.20 Ensure that IAM Access analyzer is enabled for all regions | CIS Amazon Web Services Foundations L1 3.0.0 | amazon_aws | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.3.20 Ensure the audit configuration is immutable | CIS CentOS Linux 8 Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.3.41 Ensure the audit configuration is immutable | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.2 Ensure permissions on /etc/crontab are configured | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.4 Ensure permissions on /etc/cron.daily are configured | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.6 Ensure permissions on /etc/cron.monthly are configured | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.7 Ensure permissions on /etc/cron.d are configured | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.8 Ensure at/cron is restricted to authorized users - at.deny | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.8 Ensure at/cron is restricted to authorized users - cron.deny | CIS Debian 8 Server L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.3 Ensure permissions on SSH public host key files are configured | CIS Debian 8 Server L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.2 Ensure permissions on /etc/passwd are configured | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.4 Ensure permissions on /etc/group are configured | CIS Debian 8 Server L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.4 Ensure permissions on /etc/group are configured | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.6 Ensure permissions on /etc/passwd- are configured | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.9 Ensure permissions on /etc/gshadow- are configured | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.9 Ensure users own their home directories | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.3 Ensure all groups in /etc/passwd exist in /etc/group | CIS Rocky Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.3 Ensure all groups in /etc/passwd exist in /etc/group | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.3 Ensure all groups in /etc/passwd exist in /etc/group | CIS Debian Linux 11 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.3 Ensure all groups in /etc/passwd exist in /etc/group | CIS Debian Linux 11 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| GEN000290 - The system must not have unnecessary accounts - 'ftp does not exsit' | DISA STIG HP-UX 11.31 v1r19 | Unix | ACCESS CONTROL |
| GEN000290 - The system must not have unnecessary accounts - 'gopher does not exsit' | DISA STIG HP-UX 11.31 v1r19 | Unix | ACCESS CONTROL |
| GEN001210 - All system command files must not have extended ACLs - '/usr/bin' | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit | Unix | ACCESS CONTROL |
| GEN001210 - All system command files must not have extended ACLs - '/usr/lbin' | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit | Unix | ACCESS CONTROL |
| GEN001210 - All system command files must not have extended ACLs - '/usr/sbin' | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit | Unix | ACCESS CONTROL |
| GEN001390 - The /etc/passwd file must not have an extended ACL. | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit | Unix | ACCESS CONTROL |
| GEN001730 - All global initialization files must not have extended ACLs - '/etc/csh.login' | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit | Unix | ACCESS CONTROL |
| GEN001730 - All global initialization files must not have extended ACLs - '/etc/csh.logout' | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit | Unix | ACCESS CONTROL |
| GEN002640 - Default system accounts must be disabled or removed - 'smtp' | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit | Unix | ACCESS CONTROL |
| GEN002640 - Default system accounts must be disabled or removed - 'sys' | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| GEN003090 - Crontab files must not have extended ACLs - '/etc/cron.d' | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit | Unix | ACCESS CONTROL |
| GEN003090 - Crontab files must not have extended ACLs - '/etc/cron.monthly' | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit | Unix | ACCESS CONTROL |
| GEN003110 - Cron and crontab directories must not have extended ACLs - '/etc/cron.hourly' | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit | Unix | ACCESS CONTROL |
| GEN004820 - Anonymous FTP must not be active on the system unless authorized - 'anonymous' | DISA STIG HP-UX 11.31 v1r19 | Unix | ACCESS CONTROL |
| GEN004820 - Anonymous FTP must not be active on the system unless authorized - 'ftp' | DISA STIG HP-UX 11.31 v1r19 | Unix | ACCESS CONTROL |
| GEN006210 - The /var/private/smbpasswd file must not have an extended ACL. | DISA STIG AIX 6.1 v1r13 | Unix | ACCESS CONTROL |
| GEN006270 - The /etc/news/hosts.nntp file must not have an extended ACL. | DISA STIG AIX 6.1 v1r13 | Unix | ACCESS CONTROL |
| GEN006290 - The /etc/news/hosts.nntp.nolimit file must not have an extended ACL. | DISA STIG AIX 6.1 v1r13 | Unix | ACCESS CONTROL |
| GEN008200 - The LDAP TLS certificate authority file must not have an extended ACL | DISA STIG AIX 6.1 v1r13 | Unix | ACCESS CONTROL |
