| GEN000000-AIX00060 - A baseline of AIX files with the TCB bit set must be checked weekly. | DISA STIG AIX 5.3 v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| GEN000000-AIX0340 - The /etc/ftpaccess.ctl file must have mode 0640 or less permissive. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| GEN000460 - The system must disable accounts after three consecutive unsuccessful login attempts. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN000585 - The system must enforce the entire password during authentication - 'Verify no password hashes in /etc/passwd' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000595 - Password hashes must have been generated using a FIPS 140-2 hashing algorithm - 'no password hashes in /etc/security/passwd' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000680 - The system must require passwords to contain no more than three consecutive repeating characters. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN000700 - User passwords must be changed at least every 60 days. | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000980 - The system must prevent the root account from directly logging in except from the system console. | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN001140 - System files and directories must not have uneven access permissions - '/etc' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001140 - System files and directories must not have uneven access permissions - '/usr/ucb' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001170 - All files and directories must have a valid group owner. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN001180 - All network services daemon files must have mode 0755 or less permissive - '/usr/bin/*' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001180 - All network services daemon files must have mode 0755 or less permissive - '/usr/sbin/*' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001220 - All system files, programs, and directories must be owned by a system account - '/etc/*' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN001220 - All system files, programs, and directories must be owned by a system account - '/usr/lbin/*' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN001220 - All system files, programs, and directories must be owned by a system account - '/usr/ucb/*' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN001240 - System files, programs, and directories must be group-owned by a system group - '/usr/ucb/*' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN001300 - Library files must have mode 0755 or less permissive - '/usr/lib/*' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN001379 - The /etc/passwd file must be group-owned by bin, security, sys, or system. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001390 - The /etc/passwd file must not have an extended ACL. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001393 - The /etc/group file must have mode 0644 or less permissive. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001394 - The /etc/group file must not have an extended ACL. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001430 - The /etc/security/passwd file must not have an extended ACL. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001475 - The /etc/group file must not contain any group password hashes. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001720 - All global initialization files must have mode 0644 or less permissive - '/etc/.login' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001720 - All global initialization files must have mode 0644 or less permissive - '/etc/csh.cshrc' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001720 - All global initialization files must have mode 0644 or less permissive - '/etc/security/.profile' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001720 - All global initialization files must have mode 0644 or less permissive - '/etc/security/environ' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001780 - Global initialization files must contain the mesg -n or mesg n commands. - '/etc/.login' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN001800 - All skeleton files (typically those in /etc/skel) must have mode 0644 or less permissive - '/etc/security/mkuser.sys' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001830 - All skeleton files (typically in /etc/skel) must be group-owned by security - '/etc/security/.profile' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001870 - Local initialization files must be group-owned by the user's primary group or root - '~/.dispatch' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001870 - Local initialization files must be group-owned by the user's primary group or root - '~/.env' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001870 - Local initialization files must be group-owned by the user's primary group or root - '~/.login' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001890 - Local initialization files must not have extended ACLs - '.bash_logout' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001890 - Local initialization files must not have extended ACLs - '.emacs' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001890 - Local initialization files must not have extended ACLs - '.env' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001890 - Local initialization files must not have extended ACLs - '.login' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN002040 - There must be no .rhosts, .shosts, hosts.equiv, or shosts.equiv files on the system - '.shosts' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN002040 - There must be no .rhosts, .shosts, hosts.equiv, or shosts.equiv files on the system - 'hosts.equiv' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN002060 - All .rhosts, .shosts, .netrc, or hosts.equiv files must be accessible by only root or the owner - '~/shosts.equiv' - user | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN002210 - All shell files must be group-owned by root, bin, sys, or system. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN002280 - Device files and directories must only be writable by users with a system account or as configured by the vendor. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN002330 - Audio devices must not have extended ACLs. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN002710 - All system audit files must not have extended ACLs. | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002715 - System audit tool executables must be owned by root - '/usr/sbin/audit' | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002718 - System audit tool executables must not have extended ACLs - '/usr/sbin/audit' | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN003050 - Crontab files must be group-owned by system, cron, or the crontab creator's primary group. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.deny file - 'bin' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.deny file - 'guest' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
