| RHEL-08-030690 - The RHEL 8 audit records must be off-loaded onto a different system or storage media from the system being audited. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-040004 - RHEL 8 must enable mitigations against processor-based vulnerabilities. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040010 - RHEL 8 must not have the rsh-server package installed. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040022 - RHEL 8 must disable the controller area network (CAN) protocol. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040030 - RHEL 8 must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040090 - A RHEL 8 firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | ACCESS CONTROL |
| RHEL-08-040133 - RHEL 8 must mount /var/tmp with the nosuid option. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040135 - The RHEL 8 fapolicy module must be installed. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040160 - All RHEL 8 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-08-040161 - RHEL 8 must force a frequent session key renegotiation for SSH connections to the server. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | ACCESS CONTROL |
| RHEL-08-040180 - The debug-shell systemd service must be disabled on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040209 - RHEL 8 must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040262 - RHEL 8 must not accept router advertisements on all IPv6 interfaces by default. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040282 - RHEL 8 must restrict usage of ptrace to descendant processes. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040310 - The RHEL 8 file integrity tool must be configured to verify Access Control Lists (ACLs). | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040350 - If the Trivial File Transfer Protocol (TFTP) server is required, the RHEL 8 TFTP daemon must be configured to operate in secure mode. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040360 - A File Transfer Protocol (FTP) server package must not be installed unless mission essential on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040370 - The gssproxy package must not be installed unless mission essential on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040380 - The iprutils package must not be installed unless mission essential on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-171011 - RHEL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | ACCESS CONTROL |
| RHEL-09-213060 - RHEL 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-214015 - RHEL 9 must check the GPG signature of software packages originating from external software repositories before installation. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-214020 - RHEL 9 must check the GPG signature of locally installed software packages before installation. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231020 - RHEL 9 must use a separate file system for /var. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231030 - RHEL 9 must use a separate file system for the system audit data path. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-231035 - RHEL 9 must use a separate file system for /var/tmp. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231055 - RHEL 9 must prevent code from being executed on file systems that contain user home directories. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231095 - RHEL 9 must mount /boot with the nodev option. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231105 - RHEL 9 must prevent files with the setuid and setgid bit set from being executed on the /boot/efi directory. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231120 - RHEL 9 must mount /dev/shm with the nosuid option. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231145 - RHEL 9 must mount /var/log with the nodev option. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231150 - RHEL 9 must mount /var/log with the noexec option. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231165 - RHEL 9 must mount /var/log/audit with the noexec option. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231175 - RHEL 9 must mount /var/tmp with the nodev option. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232040 - RHEL 9 cron configuration directories must have a mode of 0700 or less permissive. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232160 - RHEL 9 /etc/shadow- file must be owned by root. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232165 - RHEL 9 /etc/shadow- file must be group-owned by root. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232195 - RHEL 9 system commands must be group-owned by root or a system account. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232245 - A sticky bit must be set on all RHEL 9 public directories. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-232255 - All RHEL 9 local files and directories must have a valid owner. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232260 - RHEL 9 must be configured so that all system device files are correctly labeled to prevent unauthorized modification. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232265 - RHEL 9 /etc/crontab file must have mode 0600. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-251045 - RHEL 9 must enable hardening for the Berkeley Packet Filter just-in-time compiler. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-252010 - RHEL 9 must have the chrony package installed. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-252015 - RHEL 9 chronyd service must be enabled. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-252065 - RHEL 9 libreswan package must be installed. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-252070 - There must be no shosts.equiv files on RHEL 9. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-253015 - RHEL 9 must ignore Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-253030 - RHEL 9 must log IPv4 packets with impossible addresses by default. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-253045 - RHEL 9 must not forward IPv4 source-routed packets by default. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
