| RHEL-09-214025 - RHEL 9 must have GPG signature verification enabled for all software repositories. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-215025 - RHEL 9 must not have the nfs-utils package installed. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-215055 - RHEL 9 must not have the tuned package installed. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231010 - A separate RHEL 9 file system must be used for user home directories (such as /home or an equivalent). | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231025 - RHEL 9 must use a separate file system for /var/log. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231055 - RHEL 9 must prevent code from being executed on file systems that contain user home directories. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231080 - RHEL 9 must prevent code from being executed on file systems that are used with removable media. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231095 - RHEL 9 must mount /boot with the nodev option. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231135 - RHEL 9 must mount /tmp with the nosuid option. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231185 - RHEL 9 must mount /var/tmp with the nosuid option. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231190 - RHEL 9 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-232015 - RHEL 9 library directories must have mode 755 or less permissive. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232025 - RHEL 9 /var/log directory must have mode 0755 or less permissive. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-09-232040 - RHEL 9 permissions of cron configuration files and directories must not be modified from the operating system defaults. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232095 - RHEL 9 /etc/group file must be group-owned by root. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232135 - RHEL 9 /etc/passwd file must be group-owned by root. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232185 - RHEL 9 /var/log/messages file must be group-owned by root. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-09-232210 - RHEL 9 library directories must be owned by root. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232235 - RHEL 9 cron configuration files directory must be group-owned by root. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232250 - All RHEL 9 local files and directories must have a valid group owner. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232255 - All RHEL 9 local files and directories must have a valid owner. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232260 - RHEL 9 must be configured so that all system device files are correctly labeled to prevent unauthorized modification. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-251010 - RHEL 9 must have the firewalld package installed. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| RHEL-09-251015 - The firewalld service on RHEL 9 must be active. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| RHEL-09-251035 - RHEL 9 must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-251040 - RHEL 9 network interfaces must not be in promiscuous mode. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-253030 - RHEL 9 must log IPv4 packets with impossible addresses by default. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-253035 - RHEL 9 must use reverse path filtering on all IPv4 interfaces. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-253055 - RHEL 9 must not respond to Internet Control Message Protocol (ICMP) echoes sent to a broadcast address. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-253060 - RHEL 9 must limit the number of bogus Internet Control Message Protocol (ICMP) response errors logs. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-255010 - All RHEL 9 networked systems must have SSH installed. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-255015 - All RHEL 9 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-255025 - RHEL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a SSH logon. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | ACCESS CONTROL |
| RHEL-09-255040 - RHEL 9 SSHD must not allow blank passwords. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-255050 - RHEL 9 must enable the Pluggable Authentication Module (PAM) interface for SSHD. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | MAINTENANCE |
| RHEL-09-255090 - RHEL 9 must force a frequent session key renegotiation for SSH connections to the server. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-255120 - RHEL 9 SSH private host key files must have mode 0640 or less permissive. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-271010 - RHEL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | ACCESS CONTROL |
| RHEL-09-271015 - RHEL 9 must prevent a user from overriding the banner-message-enable setting for the graphical user interface. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | ACCESS CONTROL |
| RHEL-09-271030 - RHEL 9 must disable the graphical user interface autorun function unless required. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-271055 - RHEL 9 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for graphical user sessions. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | ACCESS CONTROL |
| RHEL-09-271100 - RHEL 9 must prevent a user from overriding the disable-restart-buttons setting for the graphical user interface. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-271105 - RHEL 9 must disable the ability of a user to accidentally press Ctrl-Alt-Del and cause a system to shut down or reboot. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-411030 - RHEL 9 duplicate User IDs (UIDs) must not exist for interactive users. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-411045 - All RHEL 9 interactive users must have a primary group that exists. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-411055 - Executable search paths within the initialization files of all local interactive RHEL 9 users must only contain paths that resolve to the system default or the users home directory. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-411080 - RHEL 9 must automatically lock the root account until the root account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | ACCESS CONTROL |
| RHEL-09-411085 - RHEL 9 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | ACCESS CONTROL |
| RHEL-09-411090 - RHEL 9 must maintain an account lock until the locked account is released by an administrator. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | ACCESS CONTROL |
| RHEL-09-411100 - The root account must be the only account having unrestricted access to RHEL 9 system. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
