| ALMA-09-009590 | V1R4 | AlmaLinux OS 9 must check the GPG signature of software packages originating from external software repositories before installation. | AlmaLinux OS 9 |
| ALMA-09-009700 | V1R4 | AlmaLinux OS 9 must ensure cryptographic verification of vendor software packages. | AlmaLinux OS 9 |
| ALMA-09-009810 | V1R4 | AlmaLinux OS 9 must check the GPG signature of locally installed software packages before installation. | AlmaLinux OS 9 |
| ALMA-09-009920 | V1R4 | AlmaLinux OS 9 must check the GPG signature of repository metadata before package installation. | AlmaLinux OS 9 |
| ALMA-09-010030 | V1R4 | AlmaLinux OS 9 must have GPG signature verification enabled for all software repositories. | AlmaLinux OS 9 |
| ALMA-09-010140 | V1R4 | AlmaLinux OS 9 must prevent the loading of a new kernel for later execution. | AlmaLinux OS 9 |
| APPL-13-002064 | V1R5 | The macOS system must have the security assessment policy subsystem enabled. | macOS 13 - Ventura |
| APPL-14-002060 | V2R4 | The macOS system must apply gatekeeper settings to block applications from unidentified developers. | macOS 14 - Sonoma |
| APPL-14-002064 | V2R4 | The macOS system must enable Gatekeeper. | macOS 14 - Sonoma |
| APPL-15-002060 | V1R5 | The macOS system must apply gatekeeper settings to block applications from unidentified developers. | macOS 15 - Sequoia |
| APPL-15-002064 | V1R5 | The macOS system must enable gatekeeper. | macOS 15 - Sequoia |
| OL07-00-020050 | V3R3 | The Oracle Linux operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | Oracle Linux 7 |
| OL07-00-020060 | V3R3 | The Oracle Linux operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | Oracle Linux 7 |
| OL07-00-010019 | V3R3 | The Oracle Linux operating system must ensure cryptographic verification of vendor software packages. | Oracle Linux 7 |
| OL08-00-010370 | V2R6 | YUM must be configured to prevent the installation of patches, service packs, device drivers, or OL 8 system components that have not been digitally signed using a certificate that is recognized and approved by the organization. | Oracle Linux 8 |
| OL08-00-010371 | V2R6 | OL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | Oracle Linux 8 |
| OL08-00-010372 | V2R6 | OL 8 must prevent the loading of a new kernel for later execution. | Oracle Linux 8 |
| OL08-00-010019 | V2R6 | OL 8 must ensure cryptographic verification of vendor software packages. | Oracle Linux 8 |
| OL09-00-000330 | V1R3 | OL 9 must have the subscription-manager package installed. | Oracle Linux 9 |
| OL09-00-000496 | V1R3 | OL 9 must check the GPG signature of locally installed software packages before installation. | Oracle Linux 9 |
| OL09-00-000497 | V1R3 | OL 9 must check the GPG signature of software packages originating from external software repositories before installation. | Oracle Linux 9 |
| OL09-00-000498 | V1R3 | OL 9 must have GPG signature verification enabled for all software repositories. | Oracle Linux 9 |
| OL09-00-000499 | V1R3 | OL 9 must ensure cryptographic verification of vendor software packages. | Oracle Linux 9 |
| OL09-00-002428 | V1R3 | OL 9 must prevent the loading of a new kernel for later execution. | Oracle Linux 9 |
| RHEL-07-020050 | V3R9 | The Red Hat Enterprise Linux operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | Red Hat Enterprise Linux 7 |
| RHEL-07-020060 | V3R9 | The Red Hat Enterprise Linux operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | Red Hat Enterprise Linux 7 |
| RHEL-08-010370 | V2R5 | RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | Red Hat Enterprise Linux 8 |
| RHEL-08-010371 | V2R5 | RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | Red Hat Enterprise Linux 8 |
| RHEL-08-010372 | V2R5 | RHEL 8 must prevent the loading of a new kernel for later execution. | Red Hat Enterprise Linux 8 |
| RHEL-08-010019 | V2R5 | RHEL 8 must ensure cryptographic verification of vendor software packages. | Red Hat Enterprise Linux 8 |
| RHEL-09-214010 | V2R6 | RHEL 9 must ensure cryptographic verification of vendor software packages. | Red Hat Enterprise Linux 9 |
| RHEL-09-214015 | V2R6 | RHEL 9 must check the GPG signature of software packages originating from external software repositories before installation. | Red Hat Enterprise Linux 9 |
| RHEL-09-214020 | V2R6 | RHEL 9 must check the GPG signature of locally installed software packages before installation. | Red Hat Enterprise Linux 9 |
| RHEL-09-214025 | V2R6 | RHEL 9 must have GPG signature verification enabled for all software repositories. | Red Hat Enterprise Linux 9 |
| RHEL-09-215010 | V2R6 | RHEL 9 subscription-manager package must be installed. | Red Hat Enterprise Linux 9 |
| SLES-12-010550 | V3R2 | The SUSE operating system tool zypper must have gpgcheck enabled. | SUSE Linux Enterprise 12 |
| SLES-15-010430 | V2R4 | The SUSE operating system tool zypper must have gpgcheck enabled. | SUSE Linux Enterprise 15 |
| TOSS-04-010220 | V2R3 | TOSS must prevent the installation of patches, service packs, device drivers, or operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization. | Tri-Lab Operating System Stack |
| UBTU-18-010016 | V2R15 | Advance package Tool (APT) must be configured to prevent the installation of patches, service packs, device drivers, or Ubuntu operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization. | Ubuntu 18.04 |
| UBTU-20-010438 | V2R3 | The Ubuntu operating system's Advance Package Tool (APT) must be configured to prevent the installation of patches, service packs, device drivers, or Ubuntu operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization. | Ubuntu 20.04 |
| UBTU-22-214010 | V2R6 | Ubuntu 22.04 LTS must be configured so that the Advance Package Tool (APT) prevents the installation of patches, service packs, device drivers, or operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization. | Ubuntu 22.04 |
| UBTU-24-300001 | V1R1 | Ubuntu 24.04 LTS Advance Package Tool (APT) must be configured to prevent the installation of patches, service packs, device drivers, or Ubuntu 24.04 LTS components without verification they have been digitally signed using a certificate that is recognized and approved by the organization. | Ubuntu 24.04 |