| 1.1.19 Ensure sticky bit is set on all world-writable directories | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.2.1 Ensure package manager repositories are configured | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.1 Ensure core dumps are restricted - limits.conf, limits.d/* | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1.1 Ensure message of the day is configured properly - banner_check | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1.1 Ensure message of the day is configured properly - msrv | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1.4 Ensure permissions on /etc/motd are configured | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.1.1 Ensure time synchronization is in use | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.1.2 Ensure ntp is configured - remote server | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.1.3 Ensure chrony is configured - remote server | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.8 Ensure NFS and RPC are not enabled - nfs | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.8 Ensure NFS and RPC are not enabled - nfs-server | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.13 Ensure Samba is not enabled | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.19 Ensure rsh server is not enabled - rexec.socket | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.22 Ensure rsync service is not enabled | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.4 Ensure telnet client is not installed | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 3.1.2 Ensure packet redirect sending is disabled - /etc/sysctl.conf /etc/sysctl.d/* net.ipv4.conf.all.send_redirects=0 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.2 Ensure packet redirect sending is disabled - sysctl net.ipv4.conf.default.send_redirects=0 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure source routed packets are not accepted - sysctl net.ipv4.conf.all.accept_source_route=0 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure source routed packets are not accepted - sysctl net.ipv6.conf.default.accept_source_route=0 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.2 Ensure ICMP redirects are not accepted - /etc/sysctl.conf /etc/sysctl.d/* net.ipv6.conf.default.accept_redirects=0 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.2 Ensure ICMP redirects are not accepted - sysctl net.ipv4.conf.all.accept_redirects=0 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.2 Ensure ICMP redirects are not accepted - sysctl net.ipv4.conf.default.accept_redirects=0 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.3 Ensure secure ICMP redirects are not accepted - /etc/sysctl.conf /etc/sysctl.d/* net.ipv4.conf.default.secure_redirects=0 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.3 Ensure secure ICMP redirects are not accepted - sysctl net.ipv4.conf.all.secure_redirects=0 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.4 Ensure suspicious packets are logged - sysctl net.ipv4.conf.default.log_martians=1 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2.6 Ensure bogus ICMP responses are ignored - /etc/sysctl.conf /etc/sysctl.d/* | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.9 Ensure IPv6 router advertisements are not accepted - sysctl net.ipv6.conf.all.accept_ra=0 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.9 Ensure IPv6 router advertisements are not accepted - sysctl net.ipv6.conf.default.accept_ra=0 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.3 Ensure /etc/hosts.deny is configured | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.2.1 Ensure default deny firewall policy - Chain INPUT | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.2.1 Ensure default deny firewall policy - Chain OUTPUT | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.2.2 Ensure loopback traffic is configured - OUTPUT | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.2.3 Ensure outbound and established connections are configured | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.3.1 Ensure IPv6 default deny firewall policy - Chain OUTPUT | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.3.2 Ensure IPv6 loopback traffic is configured - OUTPUT | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.3.4 Ensure IPv6 firewall rules exist for all open ports | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1.3 Ensure permissions on /etc/shadow are configured | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.6 Ensure permissions on /etc/passwd- are configured | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.8 Ensure permissions on /etc/group- are configured | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.9 Ensure permissions on /etc/gshadow- are configured | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.11 Ensure no unowned files or directories exist | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.1.12 Ensure no ungrouped files or directories exist | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.1 Ensure password fields are not empty | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.2 Ensure no legacy '+' entries exist in /etc/passwd - + entries exist in /etc/passwd | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.3 Ensure no legacy '+' entries exist in /etc/shadow - + entries exist in /etc/shadow | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.12 Ensure no users have .netrc files | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.14 Ensure no users have .rhosts files | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ESXI-67-000033 - The password hashes stored on the ESXi host must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm. | DISA STIG VMware vSphere 6.7 ESXi OS v1r3 | Unix | CONFIGURATION MANAGEMENT |
| GEN000590 - The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes - CRYPT_ALGORITHMS_ALLOW | DISA STIG Solaris 10 SPARC v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000595 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm - '/etc/passwd' | DISA STIG for Oracle Linux 5 v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
