| RHEL-09-213060 - RHEL 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-214015 - RHEL 9 must check the GPG signature of software packages originating from external software repositories before installation. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-214020 - RHEL 9 must check the GPG signature of locally installed software packages before installation. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231020 - RHEL 9 must use a separate file system for /var. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231030 - RHEL 9 must use a separate file system for the system audit data path. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-231035 - RHEL 9 must use a separate file system for /var/tmp. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231055 - RHEL 9 must prevent code from being executed on file systems that contain user home directories. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231095 - RHEL 9 must mount /boot with the nodev option. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231105 - RHEL 9 must prevent files with the setuid and setgid bit set from being executed on the /boot/efi directory. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231120 - RHEL 9 must mount /dev/shm with the nosuid option. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231145 - RHEL 9 must mount /var/log with the nodev option. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231150 - RHEL 9 must mount /var/log with the noexec option. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231165 - RHEL 9 must mount /var/log/audit with the noexec option. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231175 - RHEL 9 must mount /var/tmp with the nodev option. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232040 - RHEL 9 cron configuration directories must have a mode of 0700 or less permissive. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232160 - RHEL 9 /etc/shadow- file must be owned by root. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232165 - RHEL 9 /etc/shadow- file must be group-owned by root. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232195 - RHEL 9 system commands must be group-owned by root or a system account. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232245 - A sticky bit must be set on all RHEL 9 public directories. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-232255 - All RHEL 9 local files and directories must have a valid owner. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232260 - RHEL 9 must be configured so that all system device files are correctly labeled to prevent unauthorized modification. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232265 - RHEL 9 /etc/crontab file must have mode 0600. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-251045 - RHEL 9 must enable hardening for the Berkeley Packet Filter just-in-time compiler. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-252010 - RHEL 9 must have the chrony package installed. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-252015 - RHEL 9 chronyd service must be enabled. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-252065 - RHEL 9 libreswan package must be installed. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-252070 - There must be no shosts.equiv files on RHEL 9. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-253015 - RHEL 9 must ignore Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-253030 - RHEL 9 must log IPv4 packets with impossible addresses by default. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-253045 - RHEL 9 must not forward IPv4 source-routed packets by default. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-254010 - RHEL 9 must not accept router advertisements on all IPv6 interfaces. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-254015 - RHEL 9 must ignore IPv6 Internet Control Message Protocol (ICMP) redirect messages. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-255010 - All RHEL 9 networked systems must have SSH installed. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-255025 - RHEL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a SSH logon. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | ACCESS CONTROL |
| RHEL-09-255080 - RHEL 9 must not allow a noncertificate trusted host SSH logon to the system. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-255085 - RHEL 9 must not allow users to override SSH environment variables. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-255145 - RHEL 9 SSH daemon must not allow rhosts authentication. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-255165 - RHEL 9 SSH daemon must display the date and time of the last successful account logon upon an SSH logon. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-271015 - RHEL 9 must prevent a user from overriding the banner-message-enable setting for the graphical user interface. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | ACCESS CONTROL |
| RHEL-09-271020 - RHEL 9 must disable the graphical user interface automount function unless required. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-271045 - RHEL 9 must be able to initiate directly a session lock for all connection types using smart card when the smart card is removed. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | ACCESS CONTROL |
| RHEL-09-271070 - RHEL 9 must prevent a user from overriding the session idle-delay setting for the graphical user interface. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | ACCESS CONTROL |
| RHEL-09-271110 - RHEL 9 must prevent a user from overriding the Ctrl-Alt-Del sequence settings for the graphical user interface. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-291015 - RHEL 9 must have the USBGuard package installed. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-291040 - RHEL 9 wireless network adapters must be disabled. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-411045 - All RHEL 9 interactive users must have a primary group that exists. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-411070 - All RHEL 9 local interactive user home directories must be group-owned by the home directory owner's primary group. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-411080 - RHEL 9 must automatically lock the root account until the root account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | ACCESS CONTROL |
| RHEL-09-411090 - RHEL 9 must maintain an account lock until the locked account is released by an administrator. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | ACCESS CONTROL |
| RHEL-09-431020 - RHEL 9 must configure SELinux context type to allow the use of a nondefault faillock tally directory. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | ACCESS CONTROL |
