| RHEL-08-010121 - The RHEL 8 operating system must not have accounts configured with blank or null passwords. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010130 - The RHEL 8 shadow password suite must be configured to use a sufficient number of hashing rounds. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-010171 - RHEL 8 must have policycoreutils package installed. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-08-010297 - RHEL 8 SSH client must be configured to use only ciphers employing FIPS 140-3 validated cryptographic hash algorithms. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-08-010300 - RHEL 8 system commands must have mode 755 or less permissive. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010320 - RHEL 8 system commands must be group-owned by root or a system account. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010330 - RHEL 8 library files must have mode 755 or less permissive. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010350 - RHEL 8 library files must be group-owned by root or a system account. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010358 - RHEL 8 must be configured to allow sending email notifications of unauthorized configuration changes to designated personnel. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010359 - The RHEL 8 operating system must use a file integrity tool to verify correct operation of all security functions. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-08-010371 - RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010381 - RHEL 8 must require users to reauthenticate for privilege escalation. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-010383 - RHEL 8 must use the invoking user's password for privilege escalation when using "sudo". | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-08-010385 - The RHEL 8 operating system must not be configured to bypass password requirements for privilege escalation. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-010440 - YUM must remove all software components after updated versions have been installed on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-08-010470 - There must be no .shosts files on the RHEL 8 operating system. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010471 - RHEL 8 must enable the hardware random number generator entropy gatherer service. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010543 - A separate RHEL 8 filesystem must be used for the /tmp directory. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010571 - RHEL 8 must prevent files with the setuid and setgid bit set from being executed on the /boot directory. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010580 - RHEL 8 must prevent special devices on non-root local partitions. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010600 - RHEL 8 must prevent special devices on file systems that are used with removable media. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010673 - RHEL 8 must disable core dumps for all users. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010675 - RHEL 8 must disable core dump backtraces. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010680 - For RHEL 8 systems using Domain Name Servers (DNS) resolution, at least two name servers must be configured. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010690 - Executable search paths within the initialization files of all local interactive RHEL 8 users must only contain paths that resolve to the system default or the users home directory. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-020000 - RHEL 8 temporary user accounts must be provisioned with an expiration time of 72 hours or less. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-08-020013 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-08-020014 - RHEL 8 must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-08-020016 - RHEL 8 must ensure account lockouts persist. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-08-020018 - RHEL 8 must prevent system messages from being presented when three unsuccessful logon attempts occur. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-08-020020 - RHEL 8 must log user name information when unsuccessful logon attempts occur. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-08-020021 - RHEL 8 must log user name information when unsuccessful logon attempts occur. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-08-020023 - RHEL 8 must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-08-020025 - RHEL 8 must configure the use of the pam_faillock.so module in the /etc/pam.d/system-auth file. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-08-020028 - RHEL 8 systems below version 8.2 must configure SELinux context type to allow the use of a non-default faillock tally directory. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-08-020031 - RHEL 8 must initiate a session lock for graphical user interfaces when the screensaver is activated. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-651030 - RHEL 9 must be configured so that the file integrity tool verifies Access Control Lists (ACLs). | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-651035 - RHEL 9 must be configured so that the file integrity tool verifies extended attributes. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-653065 - RHEL 9 must take appropriate action when the internal event queue is full. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-653075 - RHEL 9 audit system must audit local events. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-653100 - RHEL 9 must produce audit records containing information to establish the identity of any individual or process associated with the event. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| RHEL-09-653120 - RHEL 9 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-654030 - RHEL 9 must audit all uses of umount system calls. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654090 - RHEL 9 must audit all uses of the chsh command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654180 - RHEL 9 must audit all uses of the mount command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654245 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654260 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/tallylog. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654270 - RHEL 9 audit system must protect logon UIDs from unauthorized change. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-671025 - RHEL 9 pam_unix.so module must be configured in the password-auth file to use a FIPS 140-3 approved cryptographic hashing algorithm for system authentication. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-672020 - RHEL 9 cryptographic policy must not be overridden. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
