STIG Rules List
The following table lists all the STIG rules with their:
- Control Group - you can use the Control Group ID as an argument in the manage-stig-controls script to expand or reduce the scope of rules checked. (1 = ssh-prevent-root, 2 = ssh, 3 = fips-kernel, 4 = auth, 5 = audit, 6 = packages, 7 = services)
- Default Status - tells you if the rule is enabled or disabled by default.
- Passed or Exception status - tells you if the rule passed (that is, complies with STIG) or is an exception.

| CCE Number | Rule Name | Control Group | Default Status | Passed/Exception |
|---|---|---|---|---|
| CCE-82155-3 | Enable Dracut FIPS Module | fips-kernel | disabled | Exception |
| CCE-80942-6 | Enable FIPS Mode | fips-kernel | disabled | Exception |
| CCE-84027-2 | Set kernel parameter 'crypto.fips_enabled' to 1 | fips-kernel | disabled | Exception |
| CCE-80934-3 | Configure BIND to use System Crypto Policy | N/A | N/A | Passed |
| CCE-80935-0 | Configure System Cryptography Policy | fips-kernel | disabled | Exception |
| CCE-80936-8 | Configure Kerberos to use System Crypto Policy | N/A | N/A | Exception |
| CCE-80937-6 | Configure Libreswan to use System Crypto Policy | N/A | N/A | Passed |
| CCE-85902-5 | Configure SSH Client to Use FIPS 140-2 Validated Ciphers: openssh.config | N/A | enabled | Passed |
| CCE-80947-5 | The Installed Operating System Is Vendor Supported | N/A | enabled | Passed |
| CCE-80789-1 | Encrypt Partitions | N/A | N/A | Exception |
| CCE-80823-8 | Disable GDM Automatic Login | N/A | N/A | N/A |
| CCE-84028-0 | Disable Ctrl-Alt-Del Reboot Key Sequence in GNOME3 | N/A | N/A | N/A |
| CCE-80795-8 | Ensure AlmaLinux GPG Key Installed | N/A | enabled | Passed |
| CCE-80790-9 | Ensure gpgcheck Enabled In Main yum Configuration | N/A | enabled | Passed |
| CCE-80791-7 | Ensure gpgcheck Enabled for Local Packages | packages | enabled | Passed |
| CCE-80792-5 | Ensure gpgcheck Enabled for All yum Package Repositories | N/A | enabled | Passed |
| CCE-80784-2 | Disable Ctrl-Alt-Del Burst Action | services | enabled | Passed |
| CCE-80785-9 | Disable Ctrl-Alt-Del Reboot Activation | services | enabled | Passed |
| CCE-80841-0 | Prevent Login to Accounts With Empty Password | ssh | enabled | Passed |

- CCE Number:
CCE-80649-7
- Rule Name:
Verify Only Root Has UID 0
- Control Group:
N/A