| 1.1.5 Ensure nosuid option set on /tmp partition | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION, SYSTEM AND SERVICES ACQUISITION |
| 1.2.1 Ensure GPG keys are configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.1 Set 'privilege 1' for local users - 'No users with privileges 2-15' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL |
| 1.4.2 Ensure permissions on bootloader config are configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.5.1 Ensure core dumps are restricted | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.5.2 Ensure XD/NX support is enabled | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.7 Ensure SETroubleshoot is not installed | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.3 Ensure Avahi Server is not installed | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.18 Ensure rpcbind is not installed or the rpcbind services are masked | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.3.1 Ensure NIS Client is not installed | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.5.14.3.1.6 Ensure 'Remove file extensions blocked as Level 2' is set to 'Disabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.2.2 Ensure packet redirect sending is disabled | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.9 Ensure TCP SYN Cookies is enabled | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.5.1.2 Ensure iptables-services not installed with firewalld | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.3 Ensure nftables either not installed or masked with firewalld | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.3 Ensure iptables-services not installed with nftables | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.6 Ensure nftables base chains exist | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.2.6 Ensure iptables is enabled and running | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.3.3 Ensure ip6tables firewall rules exist for all open ports | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.1.2 Ensure rsyslog Service is enabled and running | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.4 Ensure logging is configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts. | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 4.2.2.1 Ensure journald is configured to send logs to rsyslog | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.2.2 Ensure journald is configured to compress large log files | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.11.8.3 (L1) Ensure 'Prevent the use of security questions for local accounts' is set to 'Enabled' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.1.1 Ensure cron daemon is enabled and running | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.1.4 Ensure permissions on /etc/cron.daily are configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.5 Ensure permissions on /etc/cron.weekly are configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.3.6 Ensure SSH access is limited | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.3.13 Ensure SSH PermitEmptyPasswords is disabled | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3.22 Ensure SSH PAM is enabled | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.4.1 Ensure password creation requirements are configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.1.1 Ensure password expiration is 365 days or less | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.5.1.3 Ensure password expiration warning days is 7 or more | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.5.5 Ensure default user umask is configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.3 Ensure all groups in /etc/passwd exist in /etc/group | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.14 Ensure users' dot files are not group or world writable | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.16 Ensure no users have .netrc files | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.2.17 Ensure no users have .rhosts files | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.12.2 Ensure At Least 2 External SYSLOG Hosts are Set with Any/Info | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | AUDIT AND ACCOUNTABILITY |
| 18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled' - opera.exe 2 | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000020 - The unexposed feature keyword isolation.ghi.host.shellAction.disable must be initialized to decrease the VMs potential attack vectors. | DISA VMware ESXi Version 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000029 - The unexposed feature keyword isolation.tools.unity.windowContents.disable must be initialized to decrease the VMs potential attack vectors. | DISA VMware ESXi Version 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000030 - The unexposed feature keyword isolation.tools.vmxDnDVersionGet.disable must be initialized to decrease the VMs potential attack vectors. | DISA VMware ESXi Version 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| GEN000520 - The root user must not own the logon session for an application requiring a continuous display. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| GEN002740-2 - The audit system must be configured to audit file deletions - 'rmdir' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN002740-2 - The audit system must be configured to audit file deletions - 'rmdir' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| VM : disable-unexposed-features-biosbbs | VMWare vSphere 5.X Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
| VM : disable-unexposed-features-shellaction | VMWare vSphere 5.X Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
