- UBTU-20-010000 - The Ubuntu operating system must provision temporary user accounts with an expiration time of 72 hours or less.
- UBTU-20-010002 - The Ubuntu operating system must enable the graphical user logon banner to display the Standard Mandatory DoD Notice and Consent Banner before granting local access to the system via a graphical user logon.
- UBTU-20-010003 - The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local access to the system via a graphical user logon.
- UBTU-20-010004 - The Ubuntu operating system must retain a user's session lock until that user reestablishes access using established identification and authentication procedures.
- UBTU-20-010005 - The Ubuntu operating system must allow users to directly initiate a session lock for all connection types.
- UBTU-20-010006 - The Ubuntu operating system must map the authenticated identity to the user or group account for PKI-based authentication.
- UBTU-20-010007 - The Ubuntu operating system must enforce 24 hours/1 day as the minimum password lifetime. Passwords for new users must have a 24 hours/1 day minimum password lifetime restriction.
- UBTU-20-010008 - The Ubuntu operating system must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.
- UBTU-20-010009 - Ubuntu operating systems when booted must require authentication upon booting into single-user and maintenance modes.
- UBTU-20-010010 - The Ubuntu operating system must uniquely identify interactive users.
- UBTU-20-010012 - The Ubuntu operating system must ensure only users who need access to security functions are part of sudo group.
- UBTU-20-010013 - The Ubuntu operating system must automatically terminate a user session after inactivity timeouts have expired.
- UBTU-20-010014 - The Ubuntu operating system must require users to reauthenticate for privilege escalation or when changing roles.
- UBTU-20-010016 - The Ubuntu operating system default filesystem permissions must be defined in such a way that all authenticated users can read and modify only their own files.
- UBTU-20-010033 - The Ubuntu operating system must implement smart card logins for multifactor authentication for local and network access to privileged and non-privileged accounts - libpam-pkcs11
- UBTU-20-010033 - The Ubuntu operating system must implement smart card logins for multifactor authentication for local and network access to privileged and non-privileged accounts - PubkeyAuthentication
- UBTU-20-010035 - The Ubuntu operating system must use strong authenticators in establishing nonlocal maintenance and diagnostic sessions.
- UBTU-20-010036 - The Ubuntu operating system must immediately terminate all network connections associated with SSH traffic after a period of inactivity.
- UBTU-20-010037 - The Ubuntu operating system must immediately terminate all network connections associated with SSH traffic at the end of the session or after 10 minutes of inactivity.
- UBTU-20-010038 - The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting any local or remote connection to the system - banner text
- UBTU-20-010038 - The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting any local or remote connection to the system - sshd_config
- UBTU-20-010042 - The Ubuntu operating system must use SSH to protect the confidentiality and integrity of transmitted information - openssh-server
- UBTU-20-010042 - The Ubuntu operating system must use SSH to protect the confidentiality and integrity of transmitted information - sshd.service
- UBTU-20-010043 - The Ubuntu operating system must configure the SSH daemon to use Message Authentication Codes (MACs)
- UBTU-20-010044 - The Ubuntu operating system must configure the SSH daemon to use FIPS 140-2 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.
- UBTU-20-010047 - The Ubuntu operating system must not allow unattended or automatic login via SSH - PermitEmptyPasswords
- UBTU-20-010047 - The Ubuntu operating system must not allow unattended or automatic login via SSH - PermitUserEnvironment
- UBTU-20-010048 - The Ubuntu operating system must be configured so that remote X connections are disabled, unless to fulfill documented and validated mission requirements.
- UBTU-20-010049 - The Ubuntu operating system SSH daemon must prevent remote hosts from connecting to the proxy display.
- UBTU-20-010050 - The Ubuntu operating system must enforce password complexity by requiring that at least one upper-case character be used.
