| 1.1.1.1 Ensure mounting of cramfs filesystems is disabled | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.1.1.3 Ensure mounting of udf filesystems is disabled | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.1.2 Ensure /tmp is configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.3 Ensure noexec option set on /tmp partition | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.1.9 Ensure nosuid option set on /dev/shm partition | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.13 Ensure /var/tmp partition includes the nodev option | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION, SYSTEM AND SERVICES ACQUISITION |
| 1.1.14 Ensure /var/tmp partition includes the nosuid option | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION, SYSTEM AND SERVICES ACQUISITION |
| 1.1.18 Ensure /home partition includes the nodev option | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION, SYSTEM AND SERVICES ACQUISITION |
| 1.1.22 Ensure nosuid option set on removable media partitions | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.2 Ensure SELinux is not disabled in bootloader configuration | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.1.8 Ensure the MCS Translation Service (mcstrans) is not installed | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.7.2 Ensure local login warning banner is configured properly | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.7.6 Ensure permissions on /etc/issue are configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2.1.2 Ensure chrony is configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.1.3 Ensure ntp is configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.6 Ensure LDAP server is not installed | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.10 Ensure IMAP and POP3 server is not installed | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.14 Ensure NIS server is not installed | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.3.5 Ensure LDAP client is not installed | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.4 Ensure nonessential services are removed or masked | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.7 Ensure bogus ICMP responses are ignored | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.5.1.7 Ensure firewalld drops unnecessary services and ports | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.5 Ensure an nftables table exists | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.2.1 Ensure iptables loopback traffic is configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.2.3 Ensure iptables rules exist for all open ports | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.5.3.3.1 Ensure ip6tables loopback traffic is configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.3.2 Ensure ip6tables outbound and established connections are configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 4.2.4 Ensure permissions on all logfiles are configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.2 Ensure permissions on /etc/crontab are configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.9 Ensure at is restricted to authorized users | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.1 Ensure sudo is installed | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3.20 Ensure SSH LoginGraceTime is set to one minute or less | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3.24 Ensure SSH MaxStartups is configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.5.1.2 Ensure minimum days between password changes is configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.6 Ensure root login is restricted to system console | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE, SYSTEM AND SERVICES ACQUISITION |
| 6.1.3 Ensure permissions on /etc/passwd- are configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.4 Ensure permissions on /etc/shadow are configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.5 Ensure permissions on /etc/shadow- are configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.7 Ensure permissions on /etc/gshadow are configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.11 Ensure no unowned files or directories exist | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 6.1.13 Audit SUID executables | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.1.14 Audit SGID executables | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.1 Ensure accounts in /etc/passwd use shadowed passwords | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2.4 Ensure shadow group is empty | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.6 Ensure no duplicate group names exist | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.7 Ensure no duplicate UIDs exist | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.9 Ensure root is the only UID 0 account | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 6.2.10 Ensure root PATH Integrity | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.11 Ensure all users' home directories exist | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
