| 1.1.3 Ensure separate file system for /tmp | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3.3 Ensure AIDE is configured to verify ACLs | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | ACCESS CONTROL |
| 1.3.5 Ensure AIDE is configured to use FIPS 140-2 | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | ACCESS CONTROL |
| 1.4.4 Ensure UEFI requires authentication for single-user and maintenance modes - password | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | CONFIGURATION MANAGEMENT |
| 1.5.5 Ensure kernel core dumps are disabled. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | CONFIGURATION MANAGEMENT |
| 1.5.6 Ensure NIST FIPS-validated cryptography is configured - grub | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.7 Ensure DNS is servers are configured - nameserver 1 | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7.3 If a Local Time Zone is used, Configure Daylight Savings | CIS Cisco NX-OS L1 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.9 Ensure anti-virus is installed and running | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.11 Ensure host-based intrusion detection tool is used - MFEhiplsm process | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.2.1 Ensure the screen package is installed. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | ACCESS CONTROL |
| 2.2.2.4 Ensure GNOME Idle activation is set. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | ACCESS CONTROL |
| 2.2.2.5 Ensure GNOME Lock Delay is configured | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | ACCESS CONTROL |
| 2.2.2.10 Ensure screensaver lock-enabled is set. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | ACCESS CONTROL |
| 2.2.2.11 Ensure the screensaver idle-activation-enabled setting | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | ACCESS CONTROL |
| 2.2.26 Ensure 'Deny log on as a service' to include 'No one' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.27 Ensure 'Deny log on as a service' to include 'No one' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.29 Ensure 'Deny log on as a service' to include 'Enterprise Admins Group and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.29 Ensure nosuid option is set for NFS | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.2.30 Ensure NFS is configured to use RPCSEC_GSS. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.10 Ensure rate limiting measures are set - config | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.2.2 Ensure auditing of the unix_chkpwd command | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.5 Ensure audit all uses of the newgrp command. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.9 Ensure audit of postqueue command. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.15 Ensure audit of unlink syscall - 32 bit | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.15 Ensure audit of unlink syscall - 64 bit | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.21 Ensure auditing of all privileged functions - setgid 32 bit | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.21 Ensure auditing of all privileged functions - setuid 32 bit | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.2.6 Ensure rsyslog imudp and imrelp aren't loaded. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.25 Ensure SSH setting for 'IgnoreUserKnownHosts' is enabled - IgnoreUserKnownHosts is enabled. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.28 Ensure SSH does not permit Kerberos authentication | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.29 Ensrue SSH performs checks of home directory configuration files. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.32 Ensure no '.shosts' files exist on the system. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | |
| 5.3.5 Ensure minimum and maximum requirements are set for password changes - difok | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.5 Ensure minimum and maximum requirements are set for password changes - minclass | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.7 Ensure lockout for unsuccessful root logon attempts - password-auth default | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | ACCESS CONTROL |
| 5.3.7 Ensure lockout for unsuccessful root logon attempts - system-auth required | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | ACCESS CONTROL |
| 5.4.1.6 Ensure encrypted respresentation of passwords is set. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4.1.11 Ensure inactive password lock is 0 days | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | ACCESS CONTROL |
| 6.2.23 Ensure local interactive users' dot files for are owned by the user or root. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | CONFIGURATION MANAGEMENT |
| Amazon Linux is installed | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | |
| CASA-ND-001230 - The Cisco ASA must be configured to generate audit records for privileged activities or other system-level access. | DISA STIG Cisco ASA NDM v2r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| Check for ntp process | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | |
| CISC-ND-001040 - The Cisco router must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision. | DISA STIG Cisco IOS-XR Router NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001260 - The Cisco router must be configured to generate audit records when successful/unsuccessful logon attempts occur. | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-RT-000260 - The Cisco perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000395 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| SNMPv1 and v2c vs SNMPv3 - snmp-server community | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| SNMPv1 and v2c vs SNMPv3 - snmpv3 | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | CONFIGURATION MANAGEMENT |
| WN12-AD-000008-DC - The time synchronization tool must be configured to enable logging of time source switching. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
